- A new Windows BitLocker encryption bypass tool named GreatXML has been released by security researcher Chaotic Eclipse.
- The vulnerability can be triggered if a user has ever initiated a Windows Defender Offline Scan, allowing unauthorized access to encrypted drives.
- This release follows the recent disclosure of “RoguePlanet,” a Microsoft Defender flaw, and “YellowKey” (CVE-2026-45585), another BitLocker bypass patched this week.
Security researcher Chaotic Eclipse disclosed a new Windows BitLocker bypass called GreatXML on June 11, 2026, claiming the discovery was accidental and took only four hours. The vulnerability reportedly exists if a user has ever attempted to use the Windows Defender Offline Scan feature, according to the researcher.
The exploit involves copying specific XML files to the system’s recovery partition and then rebooting into the Windows Recovery Environment (WinRE). Following the steps correctly spawns a shell with unrestricted access to the BitLocker-protected volume.
Chaotic Eclipse noted that the bug might still be triggered without prior use of the offline scan. This is the researcher’s second recently released BitLocker bypass tool, following the patched “YellowKey” vulnerability.
The “GreatXML” disclosure comes just one day after Chaotic Eclipse published an exploit for Microsoft Defender. That earlier flaw, named RoguePlanet, is a zero-day that facilitates local privilege escalation to SYSTEM.
